Licensed can detect dependencies from a variety of languages and package managers across multiple projects in a repository. Supported package managers include Bower, Bundler, Cabal, Go, Manifest lists, and NPM. For each dependency found, Licensed can retrieve its basic metadata and relevant license information, such as the license type and associated legal text (usually stored in a LICENSE file), from the dependency's location in the local environment. To detect license type and text, Licensed uses Licensee. All detected metadata is stored at a given location and can be used to generate the copy of all licenses that is required for distribution.

More importantly, GitHub suggests, the metadata and license text can be put under revision control. When you do so, any new dependency shows up at the PR level, and license experts can specifically review any new licenses to detect issues that should be dealt with. Based on their own experience with this process, GitHub claims this is an effective way to reduce friction for developers and to ensure that only dependencies that meet the organization’s requirements are included in any product.

The workings of Licensed are controlled through a configuration file where you specify a source_path location to scan for dependencies, a cache_path directory to store metadata, and a list of allowed licenses. This is how a simplified configuration file can appear:

Licensed is a Ruby gem that you can install by adding the following line to your Gemfile:

gem 'licensed', :group => 'development'

And then run:

$ bundle

You can ask Licensed to list all the dependencies of your project by running:

$ licensed list

Similarly, the cache command will cache both licenses and metadata, while the status command will check the status of dependencies and emit warnings if license data is missing or the license type needs to be reviewed.

GitHub stresses the fact that Licensed is just a tool for early detection of any licensing issues and that it cannot replace professional legal advice.